Businesses ignoring half of their security alerts, warns Cisco

Cisco’s annual cybersecurity report for 2017 cautions that although awareness of the importance of enterprise security strategies is growing, businesses are often on the back foot when it comes to actually investigating security alerts, and are able to look into only about half of the alerts they receive each day.

The annual report, now in its 10th year, surveyed almost 3,000 CSOs in 13 countries. It found that the overwhelming majority of organisations (90 percent) are taking active steps to improve their threat detection capabilities but are finding themselves overwhelmed by security alerts. Cisco says this can happen for any number of reasons: the lack of an integrated defence system, processes that are not automated, or simply not having enough staff available to do the work.

Cisco found that, of the alerts that were investigated, 28 percent turned out to be legitimate threats, so having to leave roughly half of all alerts unexamined should be a red flag for any organisation. Even small security breaches can create major headaches: most recorded breaches took systems out of action for between one and eight hours, and that is before counting the other areas of the business that public breaches affected, such as finance, brand reputation, customer retention, and intellectual property.

The company recommends that businesses invest in automated, integrated security tooling that monitors continuously for attacks and gives defenders greater visibility into them.

Commenting on the report, chief security technologist at Arbor Networks, Darren Anstee, said: “It’s becoming increasingly important for organisations to invest in security technologies and processes based on their ability to maximise the effectiveness of their security teams, allowing them to investigate quickly and focus on what matters.

“The goal of security is to reduce business risk; that is where value can be demonstrated. To do this, organisations need to implement metrics that allow them to quantify whether investments have a positive or negative effect on overall risk.”

According to Cisco’s data, it is the tried-and-tested methods of adware and email spam that are behind most breaches, with global spam volume rising in step with the growth of large botnets.

Twenty-nine percent of those surveyed reported a loss of revenue as a direct result of public security breaches, and within that group 10 percent said they lost between 40 and 60 percent of their organisation’s revenue. Likewise, 22 percent of all respondents reported losing at least one customer as a direct result of an attack, and 23 percent believed that public data breaches had hurt their prospects with new customers.

The report also notes that many organisations are taking a more deliberate approach to cybersecurity than in recent years: 38 percent of those surveyed now run their IT and security teams separately, and 38 percent are investing in awareness training for employees. Most respondents (65 percent) are using six or more security products in tandem.

The company recommends that all businesses make security a priority at every level, and in particular among executive leadership. It advises businesses to review their security practices, to patch, and to control every access point to network systems, applications, and data, as well as to establish clear metrics for testing how effective their security actually is.

Geopolitical tensions

Cisco also flags rising geopolitical tensions and government interference in communications channels as serious concerns for businesses.

In its ‘geopolitical update’, the company writes that both vendors and users are uneasy about national and regional data laws, and that data sovereignty and localisation have become major issues. This is driving growth in cloud computing and localised data storage as organisations try to keep pace with regulations such as the GDPR across the EU.

But, the report states, “more governments are giving themselves the legal right – often on a broad basis – to bypass or break encryption or technical protection measures, often without the knowledge of the manufacturer, communication provider, or the user.”

It goes on to say that this is creating tensions not only between local legal authorities and technology companies but also between governments, and that a lack of transparency on the part of governments is undermining vendors’ ability to improve the security of their own products.

“Many governments collect information about zero-day exploits and vulnerabilities that they discover in vendor software,” the report states. “However, they are not always transparent with vendors about the information they possess, or sharing it in a timely manner. Hoarding such information prevents vendors from improving security in their products and providing users with better protection from threats.”

Cisco recommends that legal authorities should start “from the default position that sharing information with vendors can only lead to a far more secure digital environment for everyone.”